以某种方式可以将用户密码放入激活电子邮件中吗?
我有一个电子邮件模板,我想把密码放入,以便用户知道初始密码。
但是密码属性是直接哈希的,并且没有以明文形式提供,因此我可以将其放入电子邮件中。我也不想要额外的财产,例如clearPassword然后将存储在db中(即使它可能是很短的时间)。我搜索了瞬态属性,但目前似乎不可能。
有关如何使用初始密码存档激活电子邮件的任何提示吗?
答案 0 :(得分:1)
所以对于某些人来说,我在这里遇到同样问题是多么困难:
首先,为了能够在没有密码的情况下创建用户,我会在保存用户之前生成一个用户。
User.observe('before save', function(ctx, next) {
var model = (ctx.instance) ? ctx.instance : ctx.data;
if (!model.password) {
//generate short random password
model.password = Math.random().toString(36).slice(-8);
}
next();
});
然后我实现了自己的方法来激活用户:
/**
*
* Activates the user account and sets the new password.
*
*/
User.activate = function(credentials, cb) {
//check if email and token was provided
if (!credentials.email || !credentials.verificationToken) {
var crednetialsErr = "Email or token are invalid. Please check your inputs.";
return cb(crednetialsErr, false);
}
//find the user with the given informations
User.findOne({
where: {
and: [
{email: credentials.email},
{verificationToken: credentials.verificationToken}
]
}
}, function(err, user) {
if (err) {
//error occured while find the user object
return cb(err, false);
}
if (!user) {
//no user was found
var crednetialsErr = "Email or verificationToken are invalid. Please check your inputs.";
return cb(crednetialsErr, false);
}
//set the new password
user.password = credentials.password;
user.save(function(err, user) {
var redirectUrl = '/';
if (err) {
cb(err, false);
}
//confirms the user account and activates it
User.confirm(user.id, credentials.verificationToken, redirectUrl, function(err) {
cb(err, true);
});
});
});
};
/**
*
* Description of the new activate remote function.
*
*/
User.remoteMethod(
'activate',
{
description: 'Activates the user and sets the given password',
accepts: [
{
arg: 'credentials',
type: 'object',
required: true,
http: {
source: 'body'
},
description: 'Must contains \'email\',\'verificationToken\' and \'password\' key.'
},
],
returns: {arg: "success", type: 'bool'},
http: {
verb: "post"
}
}
);